This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Definition in file rules-tests.c.
#include <config.h>
#include "libpoldiff-tests.h"
#include "rules-tests.h"
#include "policy-defs.h"
#include <CUnit/Basic.h>
#include <CUnit/TestDB.h>
#include <poldiff/poldiff.h>
#include <apol/policy.h>
#include <apol/vector.h>
#include <apol/util.h>
#include <assert.h>
#include <stdio.h>
#include <errno.h>
#include <getopt.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
Definition at line 433 of file rules-tests.c. References apol_str_appendf(), apol_vector_destroy(), apol_vector_get_element(), apol_vector_get_size(), apol_vector_t, POLDIFF_FORM_ADD_TYPE, POLDIFF_FORM_ADDED, POLDIFF_FORM_MODIFIED, POLDIFF_FORM_REMOVE_TYPE, POLDIFF_FORM_REMOVED, and shallow_copy_str_vec_and_sort(). Referenced by avrule_to_string(). 00435 {
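/*
 * Builds the permission list of a rule: every unmodified permission as
 * " perm", then (only when show_changes is set) the added ones as " +perm"
 * and the removed ones as " -perm".  The "+" is dropped for the ADDED and
 * ADD_TYPE forms and the "-" for the REMOVED and REMOVE_TYPE forms.
 *
 * Returns a heap string to be released with free(), or NULL when nothing
 * was appended or an append failed; after a failed append errno holds the
 * value seen right after apol_str_appendf() returned.
 */
	const char *perm_add_char = "+", *perm_remove_char = "-";
	/* Copies come from shallow_copy_str_vec_and_sort(); each loop below
	 * tolerates a NULL copy (presumably a NULL input or a failed copy). */
	apol_vector_t *added_copy = shallow_copy_str_vec_and_sort(added);
	apol_vector_t *removed_copy = shallow_copy_str_vec_and_sort(removed);
	apol_vector_t *unmodified_copy = shallow_copy_str_vec_and_sort(unmodified);
	char *str = NULL;
	/* Starts at 0, as in the other *_to_string() helpers of this file, so
	 * apol_str_appendf() is never handed an indeterminate size. */
	size_t str_len = 0;
	size_t i;
	int error = 0, failed = 0;

	switch (form) {
	case POLDIFF_FORM_ADDED:
	case POLDIFF_FORM_ADD_TYPE:
		perm_add_char = "";
		break;
	case POLDIFF_FORM_REMOVE_TYPE:
	case POLDIFF_FORM_REMOVED:
		perm_remove_char = "";
		break;
	case POLDIFF_FORM_MODIFIED:
		// do nothing
		break;
	default:
		// should never get here
		assert(0);
		break;
	}

	for (i = 0; unmodified_copy != NULL && i < apol_vector_get_size(unmodified_copy); i++) {
		const char *perm_name = apol_vector_get_element(unmodified_copy, i);
		if (apol_str_appendf(&str, &str_len, " %s", perm_name) < 0) {
			error = errno;
			failed = 1;
			goto cleanup;
		}
	}
	if (show_changes) {
		/* Guard, bound and index through the same vector: the copy is
		 * what gets dereferenced, so it is the copy that must be
		 * non-NULL and that sets the element count. */
		for (i = 0; added_copy != NULL && i < apol_vector_get_size(added_copy); i++) {
			const char *perm_name = apol_vector_get_element(added_copy, i);
			if (apol_str_appendf(&str, &str_len, " %s%s", perm_add_char, perm_name) < 0) {
				error = errno;
				failed = 1;
				goto cleanup;
			}
		}
		for (i = 0; removed_copy != NULL && i < apol_vector_get_size(removed_copy); i++) {
			const char *perm_name = apol_vector_get_element(removed_copy, i);
			if (apol_str_appendf(&str, &str_len, " %s%s", perm_remove_char, perm_name) < 0) {
				error = errno;
				failed = 1;
				goto cleanup;
			}
		}
	}

cleanup:
	/* Shared by success and failure so the copies are never leaked. */
	apol_vector_destroy(&added_copy);
	apol_vector_destroy(&removed_copy);
	apol_vector_destroy(&unmodified_copy);
	if (failed) {
		free(str);
		/* The cleanup calls above may have changed errno. */
		errno = error;
		return NULL;
	}
	return str;
}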
Definition at line 488 of file rules-tests.c. References apol_rule_type_to_str(), apol_str_appendf(), apol_vector_t, get_rule_modification_str(), poldiff_avrule_get_added_perms(), poldiff_avrule_get_object_class(), poldiff_avrule_get_removed_perms(), poldiff_avrule_get_rule_type(), poldiff_avrule_get_source_type(), poldiff_avrule_get_target_type(), poldiff_avrule_get_unmodified_perms(), and poldiff_avrule_t. Referenced by build_avrule_vecs(). 00489 {
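/*
 * Formats an AV rule difference as "<rule> <source> <target> : <class>"
 * and, when show_changes is set, appends the permission list produced by
 * get_rule_modification_str().  The result is a heap string the caller
 * releases with free(); NULL is returned when an append fails.
 */
	const poldiff_avrule_t *avr = (const poldiff_avrule_t *)arg;
	char *str = NULL;
	size_t str_len = 0;
	uint32_t rule_type = poldiff_avrule_get_rule_type(avr);
	const char *rule_type_str = apol_rule_type_to_str(rule_type);
	const char *target_type = poldiff_avrule_get_target_type(avr);
	const char *source_type = poldiff_avrule_get_source_type(avr);
	const char *object_class = poldiff_avrule_get_object_class(avr);

	if (apol_str_appendf(&str, &str_len, "%s %s %s : %s", rule_type_str, source_type, target_type, object_class) < 0) {
		free(str);
		return NULL;
	}
	if (show_changes) {
		const apol_vector_t *unmodified_perms = poldiff_avrule_get_unmodified_perms(avr);
		const apol_vector_t *removed_perms = poldiff_avrule_get_removed_perms(avr);
		const apol_vector_t *added_perms = poldiff_avrule_get_added_perms(avr);
		char *perm_str = get_rule_modification_str(unmodified_perms, added_perms, removed_perms, form, show_changes);

		/* get_rule_modification_str() returns NULL when it appended
		 * nothing or failed; a NULL argument for "%s" is undefined
		 * behaviour, so only a real string is appended. */
		if (perm_str != NULL && apol_str_appendf(&str, &str_len, "%s", perm_str) < 0) {
			free(perm_str);
			free(str);
			return NULL;
		}
		free(perm_str);
	}
	return str;
}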
Definition at line 510 of file rules-tests.c. References apol_rule_type_to_str(), apol_str_appendf(), POLDIFF_FORM_ADD_TYPE, POLDIFF_FORM_ADDED, POLDIFF_FORM_MODIFIED, POLDIFF_FORM_REMOVE_TYPE, POLDIFF_FORM_REMOVED, poldiff_terule_get_modified_default(), poldiff_terule_get_object_class(), poldiff_terule_get_original_default(), poldiff_terule_get_rule_type(), poldiff_terule_get_source_type(), poldiff_terule_get_target_type(), and poldiff_terule_t. Referenced by build_terule_vecs(). 00511 {
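/*
 * Formats a TE rule difference as
 * "<rule> <source> <target> : <class> <default>".  For a MODIFIED rule with
 * show_changes set, the default is written as "+<modified> -<original>".
 * Otherwise the modified default is used for the ADDED/ADD_TYPE forms and
 * the original default for REMOVED/REMOVE_TYPE/MODIFIED.
 * Returns the string built by apol_str_appendf(), or NULL for an
 * unexpected form.
 */
	poldiff_terule_t *ter = (poldiff_terule_t *) arg;
	char *str = NULL;
	size_t str_len = 0;
	uint32_t rule_type = poldiff_terule_get_rule_type(ter);
	const char *rule_type_str = apol_rule_type_to_str(rule_type);
	const char *target_type = poldiff_terule_get_target_type(ter);
	const char *source_type = poldiff_terule_get_source_type(ter);
	const char *object_class = poldiff_terule_get_object_class(ter);
	const char *default_type = NULL;

	switch (form) {
	case POLDIFF_FORM_ADDED:
	case POLDIFF_FORM_ADD_TYPE:
		default_type = poldiff_terule_get_modified_default(ter);
		break;
	case POLDIFF_FORM_REMOVED:
	case POLDIFF_FORM_REMOVE_TYPE:
	case POLDIFF_FORM_MODIFIED:
		default_type = poldiff_terule_get_original_default(ter);
		break;
	default:
		// should never get here
		assert(0);
		/* With assertions compiled out, stop here rather than format
		 * a default type that was never assigned. */
		return NULL;
	}

	if (form == POLDIFF_FORM_MODIFIED && show_changes) {
		const char *orig_default = poldiff_terule_get_original_default(ter);
		const char *mod_default = poldiff_terule_get_modified_default(ter);
		apol_str_appendf(&str, &str_len, "%s %s %s : %s +%s -%s", rule_type_str, source_type, target_type, object_class,
				 mod_default, orig_default);
	} else {
		apol_str_appendf(&str, &str_len, "%s %s %s : %s %s", rule_type_str, source_type, target_type, object_class,
				 default_type);
	}
	return str;
}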
Definition at line 546 of file rules-tests.c. References apol_str_appendf(), POLDIFF_FORM_ADD_TYPE, POLDIFF_FORM_ADDED, POLDIFF_FORM_MODIFIED, POLDIFF_FORM_REMOVE_TYPE, POLDIFF_FORM_REMOVED, poldiff_role_trans_get_modified_default(), poldiff_role_trans_get_original_default(), poldiff_role_trans_get_source_role(), poldiff_role_trans_get_target_type(), and poldiff_role_trans_t. Referenced by build_roletrans_vecs(). 00547 {
/*
 * Formats a role_transition difference as
 * "role_transition <source role> <target type>".  When show_changes is set
 * the default role follows: the modified default for ADDED/ADD_TYPE, the
 * original default for REMOVED/REMOVE_TYPE, and "{ +<modified> -<original> }"
 * for MODIFIED.  Returns the string built by apol_str_appendf().
 */
	poldiff_role_trans_t *trans = (poldiff_role_trans_t *) arg;
	char *out = NULL;
	size_t out_len = 0;
	const char *role = poldiff_role_trans_get_source_role(trans);
	const char *type = poldiff_role_trans_get_target_type(trans);

	apol_str_appendf(&out, &out_len, "role_transition %s %s", role, type);
	if (!show_changes) {
		return out;
	}

	const char *old_default = poldiff_role_trans_get_original_default(trans);
	const char *new_default = poldiff_role_trans_get_modified_default(trans);

	if (form == POLDIFF_FORM_ADDED || form == POLDIFF_FORM_ADD_TYPE) {
		apol_str_appendf(&out, &out_len, " %s", new_default);
	} else if (form == POLDIFF_FORM_REMOVED || form == POLDIFF_FORM_REMOVE_TYPE) {
		apol_str_appendf(&out, &out_len, " %s", old_default);
	} else if (form == POLDIFF_FORM_MODIFIED) {
		apol_str_appendf(&out, &out_len, " { +%s -%s }", new_default, old_default);
	} else {
		// should never get here:
		assert(0);
	}
	return out;
}
Definition at line 578 of file rules-tests.c. References apol_str_appendf(), apol_vector_get_element(), apol_vector_get_size(), apol_vector_t, fmt, POLDIFF_FORM_ADDED, POLDIFF_FORM_MODIFIED, POLDIFF_FORM_REMOVED, poldiff_role_allow_get_added_roles(), poldiff_role_allow_get_name(), poldiff_role_allow_get_removed_roles(), poldiff_role_allow_get_unmodified_roles(), and poldiff_role_allow_t. Referenced by build_roleallow_vecs(). 00579 {
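/*
 * Formats a role allow difference as "allow <role> <roles>".  The role list
 * is the added roles for ADDED, the removed roles for REMOVED and the
 * unmodified roles for MODIFIED; for MODIFIED with show_changes set, the
 * added roles follow as "+role" and the removed ones as "-role".  Braces
 * are used when more than one role is listed or when changes are shown.
 * Returns the string built by apol_str_appendf(), or NULL for an
 * unexpected form.
 */
	poldiff_role_allow_t *rat = (poldiff_role_allow_t *) arg;
	char *str = NULL, *orig_roles_str = NULL;
	size_t str_len = 0, orig_roles_str_len = 0;
	const char *name = poldiff_role_allow_get_name(rat);
	const apol_vector_t *orig_roles = NULL;
	const int with_changes = show_changes && form == POLDIFF_FORM_MODIFIED;
	size_t i;

	switch (form) {
	case POLDIFF_FORM_ADDED:
		orig_roles = poldiff_role_allow_get_added_roles(rat);
		break;
	case POLDIFF_FORM_REMOVED:
		orig_roles = poldiff_role_allow_get_removed_roles(rat);
		break;
	case POLDIFF_FORM_MODIFIED:
		orig_roles = poldiff_role_allow_get_unmodified_roles(rat);
		break;
	default:
		// should never get here
		assert(0);
		/* With assertions compiled out there is no role list to walk. */
		return NULL;
	}

	const size_t num_orig_roles = apol_vector_get_size(orig_roles);
	for (i = 0; i < num_orig_roles; ++i) {
		const char *role = apol_vector_get_element(orig_roles, i);
		apol_str_appendf(&orig_roles_str, &orig_roles_str_len, " %s", role);
	}
	if (with_changes) {
		const apol_vector_t *added_role_v = poldiff_role_allow_get_added_roles(rat);
		for (i = 0; i < apol_vector_get_size(added_role_v); ++i) {
			const char *added_role = apol_vector_get_element(added_role_v, i);
			apol_str_appendf(&orig_roles_str, &orig_roles_str_len, " +%s", added_role);
		}
		const apol_vector_t *removed_role_v = poldiff_role_allow_get_removed_roles(rat);
		for (i = 0; i < apol_vector_get_size(removed_role_v); ++i) {
			const char *removed_role = apol_vector_get_element(removed_role_v, i);
			apol_str_appendf(&orig_roles_str, &orig_roles_str_len, " -%s", removed_role);
		}
	}

	/* An empty role list leaves orig_roles_str NULL, and NULL must not be
	 * passed for "%s"; the two formats stay literal so the compiler can
	 * check them against the arguments. */
	const char *roles = orig_roles_str != NULL ? orig_roles_str : "";
	if (num_orig_roles > 1 || with_changes) {
		apol_str_appendf(&str, &str_len, "allow %s {%s }", name, roles);
	} else {
		apol_str_appendf(&str, &str_len, "allow %s%s", name, roles);
	}
	free(orig_roles_str);
	return str;
}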
Definition at line 627 of file rules-tests.c. References added_v, apol_vector_append(), apol_vector_get_element(), apol_vector_get_size(), apol_vector_t, diff, modified_name_only_v, modified_v, POLDIFF_FORM_ADDED, poldiff_form_e, POLDIFF_FORM_MODIFIED, POLDIFF_FORM_REMOVED, poldiff_get_role_allow_vector(), poldiff_role_allow_get_form(), removed_v, and roleallow_to_string(). Referenced by run_test(). 00628 {
/*
 * Walks the role allow differences of diff and files the string form of
 * each one into added_v, removed_v or modified_v according to its form.
 * A MODIFIED entry is also stored without its change markers in
 * modified_name_only_v.  Stops at the first NULL element or the first
 * entry that cannot be rendered.
 */
	const apol_vector_t *role_allows = poldiff_get_role_allow_vector(diff);
	size_t idx = 0;

	while (idx < apol_vector_get_size(role_allows)) {
		const void *entry = apol_vector_get_element(role_allows, idx);
		if (entry == NULL) {
			return;
		}

		poldiff_form_e form = poldiff_role_allow_get_form(entry);
		char *full = roleallow_to_string(entry, form, 1);
		if (full == NULL) {
			break;
		}

		if (form == POLDIFF_FORM_ADDED) {
			apol_vector_append(added_v, full);
		} else if (form == POLDIFF_FORM_REMOVED) {
			apol_vector_append(removed_v, full);
		} else if (form == POLDIFF_FORM_MODIFIED) {
			char *bare = roleallow_to_string(entry, form, 0);
			apol_vector_append(modified_name_only_v, bare);
			apol_vector_append(modified_v, full);
		} else {
			// should never get here
			assert(0);
		}
		idx++;
	}
}
Definition at line 661 of file rules-tests.c. References added_roletrans_type, added_type_rules_v, added_v, apol_vector_append(), apol_vector_compare(), apol_vector_create(), apol_vector_destroy(), apol_vector_get_element(), apol_vector_get_size(), apol_vector_sort(), apol_vector_t, compare_str(), correct_added_type_rules_v, correct_removed_type_rules_v, diff, modified_name_only_v, modified_v, POLDIFF_FORM_ADD_TYPE, POLDIFF_FORM_ADDED, poldiff_form_e, POLDIFF_FORM_MODIFIED, POLDIFF_FORM_REMOVE_TYPE, POLDIFF_FORM_REMOVED, poldiff_get_role_trans_vector(), poldiff_role_trans_get_form(), print_test_failure(), removed_roletrans_type, removed_type_rules_v, removed_v, roletrans_to_string(), and string_array_to_vector(). Referenced by run_test(). 00662 {
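/*
 * Files the string form of every role_transition difference of diff into
 * added_v, removed_v, modified_v (plus modified_name_only_v),
 * added_type_rules_v or removed_type_rules_v according to its form, then
 * checks the two "due to type" vectors against the expected
 * added_roletrans_type / removed_roletrans_type tables with CUnit.
 * The four vectors created here are destroyed before returning.
 */
	added_type_rules_v = apol_vector_create(free);
	removed_type_rules_v = apol_vector_create(free);
	correct_added_type_rules_v = string_array_to_vector(added_roletrans_type);
	correct_removed_type_rules_v = string_array_to_vector(removed_roletrans_type);

	char *str = NULL, *name_only;
	size_t i;
	const void *item = NULL;
	const apol_vector_t *v = NULL;
	v = poldiff_get_role_trans_vector(diff);
	for (i = 0; i < apol_vector_get_size(v); i++) {
		item = apol_vector_get_element(v, i);
		if (!item) {
			/* Leave the loop rather than the function: returning here
			 * would skip the comparisons and leak the four vectors
			 * created above. */
			break;
		}
		poldiff_form_e form = poldiff_role_trans_get_form(item);
		str = roletrans_to_string(item, form, 1);
		if (!str)
			break;
		switch (form) {
		case POLDIFF_FORM_ADDED:
			apol_vector_append(added_v, str);
			break;
		case POLDIFF_FORM_REMOVED:
			apol_vector_append(removed_v, str);
			break;
		case POLDIFF_FORM_ADD_TYPE:
			apol_vector_append(added_type_rules_v, str);
			break;
		case POLDIFF_FORM_REMOVE_TYPE:
			apol_vector_append(removed_type_rules_v, str);
			break;
		case POLDIFF_FORM_MODIFIED:
			name_only = roletrans_to_string(item, form, 0);
			apol_vector_append(modified_name_only_v, name_only);
			apol_vector_append(modified_v, str);
			break;
		default:
			// should never get here
			assert(0);
		}
	}

	int test_result;
	size_t first_diff = 0;
	/* Both sides are sorted with compare_str before they are compared. */
	apol_vector_sort(added_type_rules_v, compare_str, NULL);
	apol_vector_sort(correct_added_type_rules_v, compare_str, NULL);
	CU_ASSERT_FALSE(test_result =
			apol_vector_compare(added_type_rules_v, correct_added_type_rules_v, compare_str, NULL, &first_diff));
	if (test_result) {
		print_test_failure(added_type_rules_v, correct_added_type_rules_v, first_diff, "Added Rule (due to Type)");
	}
	apol_vector_sort(removed_type_rules_v, compare_str, NULL);
	apol_vector_sort(correct_removed_type_rules_v, compare_str, NULL);
	CU_ASSERT_FALSE(test_result =
			apol_vector_compare(removed_type_rules_v, correct_removed_type_rules_v, compare_str, NULL, &first_diff));
	if (test_result) {
		print_test_failure(removed_type_rules_v, correct_removed_type_rules_v, first_diff, "Removed Rule (due to Type)");
	}
	apol_vector_destroy(&added_type_rules_v);
	apol_vector_destroy(&correct_added_type_rules_v);
	apol_vector_destroy(&removed_type_rules_v);
	apol_vector_destroy(&correct_removed_type_rules_v);
}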
Definition at line 726 of file rules-tests.c. References added_type_rules_v, added_type_terules, added_v, apol_vector_append(), apol_vector_cat(), apol_vector_compare(), apol_vector_create(), apol_vector_destroy(), apol_vector_get_element(), apol_vector_get_size(), apol_vector_sort(), apol_vector_t, compare_str(), correct_added_type_rules_v, correct_removed_type_rules_v, diff, modified_name_only_v, modified_v, POLDIFF_FORM_ADD_TYPE, POLDIFF_FORM_ADDED, poldiff_form_e, POLDIFF_FORM_MODIFIED, POLDIFF_FORM_REMOVE_TYPE, POLDIFF_FORM_REMOVED, poldiff_get_terule_vector_change(), poldiff_get_terule_vector_member(), poldiff_get_terule_vector_trans(), poldiff_terule_get_form(), print_test_failure(), removed_type_rules_v, removed_type_terules, removed_v, string_array_to_vector(), and terule_to_string(). Referenced by run_test(). 00727 {
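/*
 * Concatenates the type_member, type_change and type_transition
 * differences of diff and files the string form of each into added_v,
 * removed_v, modified_v (plus modified_name_only_v), added_type_rules_v or
 * removed_type_rules_v according to its form.  The two "due to type"
 * vectors are then checked against the expected added_type_terules /
 * removed_type_terules tables with CUnit.  Every vector created here is
 * destroyed before returning.
 */
	added_type_rules_v = apol_vector_create(free);
	removed_type_rules_v = apol_vector_create(free);
	correct_added_type_rules_v = string_array_to_vector(added_type_terules);
	correct_removed_type_rules_v = string_array_to_vector(removed_type_terules);

	size_t i;
	char *str = NULL;
	const void *item = NULL;
	const apol_vector_t *member_v = NULL, *change_v = NULL, *trans_v = NULL;
	member_v = poldiff_get_terule_vector_member(diff);
	change_v = poldiff_get_terule_vector_change(diff);
	trans_v = poldiff_get_terule_vector_trans(diff);
	/* Created with a NULL second argument, unlike the free()-backed
	 * vectors above; the elements belong to the three source vectors. */
	apol_vector_t *all_terules = apol_vector_create(NULL);
	apol_vector_cat(all_terules, member_v);
	apol_vector_cat(all_terules, change_v);
	apol_vector_cat(all_terules, trans_v);

	for (i = 0; i < apol_vector_get_size(all_terules); i++) {
		item = apol_vector_get_element(all_terules, i);
		if (!item) {
			/* Leave the loop rather than the function: returning here
			 * would skip the comparisons and leak all_terules and the
			 * four vectors created above. */
			break;
		}
		poldiff_form_e form = poldiff_terule_get_form(item);
		str = terule_to_string(item, form, 1);
		if (!str)
			break;
		char *name_only = NULL;
		switch (form) {
		case POLDIFF_FORM_ADDED:
			apol_vector_append(added_v, str);
			break;
		case POLDIFF_FORM_REMOVED:
			apol_vector_append(removed_v, str);
			break;
		case POLDIFF_FORM_ADD_TYPE:
			apol_vector_append(added_type_rules_v, str);
			break;
		case POLDIFF_FORM_REMOVE_TYPE:
			apol_vector_append(removed_type_rules_v, str);
			break;
		case POLDIFF_FORM_MODIFIED:
			name_only = terule_to_string(item, form, 0);
			apol_vector_append(modified_name_only_v, name_only);
			apol_vector_append(modified_v, str);
			break;
		default:
			// should never get here
			assert(0);
		}
	}

	size_t first_diff = 0;
	int test_result = 0;
	/* Both sides are sorted with compare_str before they are compared. */
	apol_vector_sort(added_type_rules_v, compare_str, NULL);
	apol_vector_sort(correct_added_type_rules_v, compare_str, NULL);
	CU_ASSERT_FALSE(test_result =
			apol_vector_compare(added_type_rules_v, correct_added_type_rules_v, compare_str, NULL, &first_diff));
	if (test_result) {
		print_test_failure(added_type_rules_v, correct_added_type_rules_v, first_diff, "Added Rules (due to types)");
	}

	apol_vector_sort(removed_type_rules_v, compare_str, NULL);
	apol_vector_sort(correct_removed_type_rules_v, compare_str, NULL);
	CU_ASSERT_FALSE(test_result =
			apol_vector_compare(removed_type_rules_v, correct_removed_type_rules_v, compare_str, NULL, &first_diff));
	if (test_result) {
		print_test_failure(removed_type_rules_v, correct_removed_type_rules_v, first_diff, "Removed Rules (due to types)");
	}
	apol_vector_destroy(&all_terules);
	apol_vector_destroy(&added_type_rules_v);
	apol_vector_destroy(&correct_added_type_rules_v);
	apol_vector_destroy(&removed_type_rules_v);
	apol_vector_destroy(&correct_removed_type_rules_v);
}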
Definition at line 801 of file rules-tests.c. References added_type_avrules, added_type_rules_v, added_v, apol_vector_append(), apol_vector_cat(), apol_vector_compare(), apol_vector_create(), apol_vector_destroy(), apol_vector_get_element(), apol_vector_get_size(), apol_vector_sort(), apol_vector_t, avrule_to_string(), compare_str(), correct_added_type_rules_v, correct_removed_type_rules_v, diff, modified_name_only_v, modified_v, poldiff_avrule_get_form(), POLDIFF_FORM_ADD_TYPE, POLDIFF_FORM_ADDED, poldiff_form_e, POLDIFF_FORM_MODIFIED, POLDIFF_FORM_REMOVE_TYPE, POLDIFF_FORM_REMOVED, poldiff_get_avrule_vector_allow(), poldiff_get_avrule_vector_auditallow(), poldiff_get_avrule_vector_dontaudit(), poldiff_get_avrule_vector_neverallow(), removed_type_avrules, removed_type_rules_v, removed_v, and string_array_to_vector(). Referenced by run_test(). 00802 {
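/*
 * Concatenates the allow, neverallow, auditallow and dontaudit differences
 * of diff and files the string form of each into added_v, removed_v,
 * modified_v (plus modified_name_only_v), added_type_rules_v or
 * removed_type_rules_v according to its form.  The two "due to type"
 * vectors are then checked against the expected added_type_avrules /
 * removed_type_avrules tables with CUnit.  Every vector created here is
 * destroyed before returning.
 */
	added_type_rules_v = apol_vector_create(free);
	removed_type_rules_v = apol_vector_create(free);
	correct_added_type_rules_v = string_array_to_vector(added_type_avrules);
	correct_removed_type_rules_v = string_array_to_vector(removed_type_avrules);

	size_t i;
	char *str = NULL, *name_only = NULL;
	const void *item = NULL;
	const apol_vector_t *allow_v = NULL, *neverallow_v = NULL, *auditallow_v = NULL, *dontaudit_v = NULL;
	/* Created with a NULL second argument, unlike the free()-backed
	 * vectors above; the elements belong to the four source vectors. */
	apol_vector_t *all_avrules_v = apol_vector_create(NULL);

	allow_v = poldiff_get_avrule_vector_allow(diff);
	neverallow_v = poldiff_get_avrule_vector_neverallow(diff);
	auditallow_v = poldiff_get_avrule_vector_auditallow(diff);
	dontaudit_v = poldiff_get_avrule_vector_dontaudit(diff);

	apol_vector_cat(all_avrules_v, allow_v);
	apol_vector_cat(all_avrules_v, neverallow_v);
	apol_vector_cat(all_avrules_v, auditallow_v);
	apol_vector_cat(all_avrules_v, dontaudit_v);

	for (i = 0; i < apol_vector_get_size(all_avrules_v); i++) {
		item = apol_vector_get_element(all_avrules_v, i);
		if (!item) {
			/* Leave the loop rather than the function: returning here
			 * would skip the comparisons and leak all_avrules_v and the
			 * four vectors created above. */
			break;
		}
		poldiff_form_e form = poldiff_avrule_get_form(item);
		str = avrule_to_string(item, form, 1);
		if (!str)
			break;
		switch (form) {
		case POLDIFF_FORM_ADDED:
			apol_vector_append(added_v, str);
			break;
		case POLDIFF_FORM_REMOVED:
			apol_vector_append(removed_v, str);
			break;
		case POLDIFF_FORM_ADD_TYPE:
			apol_vector_append(added_type_rules_v, str);
			break;
		case POLDIFF_FORM_REMOVE_TYPE:
			apol_vector_append(removed_type_rules_v, str);
			break;
		case POLDIFF_FORM_MODIFIED:
			name_only = avrule_to_string(item, form, 0);
			apol_vector_append(modified_name_only_v, name_only);
			apol_vector_append(modified_v, str);
			break;
		default:
			// should never get here
			assert(0);
		}
	}

	size_t first_diff = 0;
	/* Both sides are sorted with compare_str before they are compared. */
	apol_vector_sort(added_type_rules_v, compare_str, NULL);
	apol_vector_sort(correct_added_type_rules_v, compare_str, NULL);
	CU_ASSERT_FALSE(apol_vector_compare(added_type_rules_v, correct_added_type_rules_v, compare_str, NULL, &first_diff));

	apol_vector_sort(removed_type_rules_v, compare_str, NULL);
	apol_vector_sort(correct_removed_type_rules_v, compare_str, NULL);
	CU_ASSERT_FALSE(apol_vector_compare(removed_type_rules_v, correct_removed_type_rules_v, compare_str, NULL, &first_diff));

	apol_vector_destroy(&removed_type_rules_v);
	apol_vector_destroy(&correct_removed_type_rules_v);
	apol_vector_destroy(&added_type_rules_v);
	apol_vector_destroy(&correct_added_type_rules_v);
	apol_vector_destroy(&all_avrules_v);
}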
Definition at line 871 of file rules-tests.c. References added_avrules, cleanup_test(), init_answer_vectors(), modified_avrules, poldiff_test_answers_t, removed_avrules, run_test(), test_numbers_e, and unchanged_avrules. Referenced by main(). 00872 {
/*
 * AV rule test case: builds the answer set from the added, removed,
 * unchanged and modified AV rule tables, runs it as RULES_AVRULE and hands
 * the answers to cleanup_test().
 */
	const test_numbers_e which = RULES_AVRULE;
	poldiff_test_answers_t *expected =
		init_answer_vectors(added_avrules, removed_avrules, unchanged_avrules, modified_avrules);

	run_test(NULL, expected, which);
	cleanup_test(expected);
}
Definition at line 879 of file rules-tests.c. References added_terules, cleanup_test(), init_answer_vectors(), modified_terules, poldiff_test_answers_t, removed_terules, run_test(), test_numbers_e, and unchanged_terules. Referenced by main(). 00880 {
/*
 * TE rule test case: builds the answer set from the added, removed,
 * unchanged and modified TE rule tables, runs it as RULES_TERULE and hands
 * the answers to cleanup_test().
 */
	const test_numbers_e which = RULES_TERULE;
	poldiff_test_answers_t *expected =
		init_answer_vectors(added_terules, removed_terules, unchanged_terules, modified_terules);

	run_test(NULL, expected, which);
	cleanup_test(expected);
}
Definition at line 887 of file rules-tests.c. References added_roleallowrules, cleanup_test(), init_answer_vectors(), modified_roleallowrules, poldiff_test_answers_t, removed_roleallowrules, run_test(), test_numbers_e, and unchanged_roleallowrules. Referenced by main(). 00888 {
/*
 * Role allow test case: builds the answer set from the added, removed,
 * unchanged and modified role allow tables, runs it as RULES_ROLEALLOW and
 * hands the answers to cleanup_test().
 */
	const test_numbers_e which = RULES_ROLEALLOW;
	poldiff_test_answers_t *expected = init_answer_vectors(added_roleallowrules,
							       removed_roleallowrules,
							       unchanged_roleallowrules,
							       modified_roleallowrules);

	run_test(NULL, expected, which);
	cleanup_test(expected);
}
Definition at line 897 of file rules-tests.c. References added_roletrans_rules, cleanup_test(), init_answer_vectors(), modified_roletrans_rules, poldiff_test_answers_t, removed_roletrans_rules, run_test(), test_numbers_e, and unchanged_roletrans_rules. Referenced by main(). 00898 {
/*
 * Role transition test case: builds the answer set from the added,
 * removed, unchanged and modified role_transition tables, runs it as
 * RULES_ROLETRANS and hands the answers to cleanup_test().
 */
	const test_numbers_e which = RULES_ROLETRANS;
	poldiff_test_answers_t *expected = init_answer_vectors(added_roletrans_rules,
							       removed_roletrans_rules,
							       unchanged_roletrans_rules,
							       modified_roletrans_rules);

	run_test(NULL, expected, which);
	cleanup_test(expected);
}
Definition at line 907 of file rules-tests.c. References diff, init_poldiff(), RULES_MOD_POLICY, and RULES_ORIG_POLICY. 00908 {
/*
 * Stores the result of init_poldiff(RULES_ORIG_POLICY, RULES_MOD_POLICY)
 * in diff.  Returns 0 when that result is non-NULL and 1 otherwise
 * (presumably the CUnit suite-initialisation convention - confirm against
 * the caller).
 */
	diff = init_poldiff(RULES_ORIG_POLICY, RULES_MOD_POLICY);
	return diff ? 0 : 1;
}
Definition at line 46 of file rules-tests.c. Referenced by build_avrule_vecs(), build_roletrans_vecs(), and build_terule_vecs(). |
Definition at line 47 of file rules-tests.c. Referenced by build_avrule_vecs(), build_roletrans_vecs(), and build_terule_vecs(). |
Definition at line 48 of file rules-tests.c. Referenced by build_avrule_vecs(), build_roletrans_vecs(), and build_terule_vecs(). |
Definition at line 49 of file rules-tests.c. Referenced by build_avrule_vecs(), build_roletrans_vecs(), and build_terule_vecs(). |
Initial value: {
"allow placeholder_t placeholder_t : file read",
"auditallow potato_t pine_t : dir setattr",
NULL
}
Definition at line 51 of file rules-tests.c. Referenced by rules_avrules_tests(). |
Initial value: {
"allow bear_t oak_t : fifo_file write",
"allow rock_t log_t : file getattr",
"allow tiger_t bear_t : file execute",
"auditallow system_t log_t : netif udp_recv",
"neverallow lion_t bear_t : file execute",
NULL
}
Definition at line 57 of file rules-tests.c. Referenced by rules_avrules_tests(). |
Initial value: {
"allow rock_t log_t : dir search",
"auditallow system_t log_t : node udp_recv",
"allow bear_t bear_t : dir search",
"allow bear_t birch_t : fd use",
"allow bear_t daikon_t : fd use",
"allow bear_t glass_t : file getattr",
"allow bear_t holly_t : fd use",
"allow bear_t oak_t : fd use",
"allow bear_t pine_t : fd use",
"allow bear_t potato_t : fd use",
NULL
}
Definition at line 66 of file rules-tests.c. Referenced by rules_avrules_tests(). |
Initial value: {
"allow firefly_t file_t : file execute +lock",
"dontaudit bass_t stone_t : dir read search -getattr",
"dontaudit trout_t stone_t : dir read search -getattr",
"allow potato_t daikon_t : file getattr ioctl setattr +write -read",
NULL
}
Definition at line 81 of file rules-tests.c. Referenced by rules_avrules_tests(). |
Definition at line 92 of file rules-tests.c. Referenced by build_avrule_vecs(). |
Definition at line 173 of file rules-tests.c. Referenced by build_avrule_vecs(). |
Initial value: {
"allow admin_r staff_r user_r",
"allow deity_r { admin_r aquarium_r garden_r guest_r intern_r lumberjack_r mammal_r placeholder_r staff_r user_r zoo_r }",
"allow mammal_r intern_r user_r",
"allow placeholder_r staff_r",
NULL
}
Definition at line 264 of file rules-tests.c. Referenced by rules_roleallow_tests(). |
Initial value: {
"allow intern_r user_r",
NULL
}
Definition at line 272 of file rules-tests.c. Referenced by rules_roleallow_tests(). |
Initial value: {
"allow guest_r user_r",
NULL
}
Definition at line 277 of file rules-tests.c. Referenced by rules_roleallow_tests(). |
Initial value: {
"allow aquarium_r { guest_r staff_r +admin_r }",
"allow user_r { placeholder_r +guest_r }",
"allow garden_r { guest_r -user_r -zoo_r }",
"allow lumberjack_r { garden_r -staff_r }",
"allow zoo_r { aquarium_r garden_r mammal_r -admin_r }",
"allow staff_r { guest_r user_r +mammal_r -intern_r }",
NULL
}
Definition at line 282 of file rules-tests.c. Referenced by rules_roleallow_tests(). |
Initial value: {
"role_transition garden_r birch_t lumberjack_r",
"role_transition garden_r oak_t lumberjack_r",
"role_transition garden_r pine_t lumberjack_r",
"role_transition staff_r holly_t garden_r",
NULL
}
Definition at line 295 of file rules-tests.c. Referenced by rules_roletrans_tests(). |
Initial value: {
"role_transition guest_r bear_t staff_r",
"role_transition intern_r file_t staff_r",
NULL
}
Definition at line 303 of file rules-tests.c. Referenced by rules_roletrans_tests(). |
Initial value: {
"role_transition zoo_r bass_t aquarium_r",
"role_transition zoo_r bear_t mammal_r",
"role_transition zoo_r trout_t aquarium_r",
NULL
}
Definition at line 309 of file rules-tests.c. Referenced by rules_roletrans_tests(). |
Initial value: {
"role_transition guest_r dirt_t { +admin_r -intern_r }",
NULL
}
Definition at line 316 of file rules-tests.c. Referenced by rules_roletrans_tests(). |
Initial value: {
"role_transition guest_r pipe_t staff_r",
"role_transition admin_r pipe_t staff_r",
"role_transition staff_r hippo_t zoo_r",
"role_transition zoo_r hippo_t mammal_r",
NULL
}
Definition at line 321 of file rules-tests.c. Referenced by build_roletrans_vecs(). |
Initial value: {
"role_transition guest_r koala_t staff_r",
"role_transition staff_r koala_t zoo_r",
NULL
}
Definition at line 331 of file rules-tests.c. Referenced by build_roletrans_vecs(). |
Initial value: {
"type_transition system_t dirt_t : process daikon_t",
NULL
}
Definition at line 339 of file rules-tests.c. Referenced by rules_terules_tests(). |
Initial value: {
"type_member log_t file_t : netif rock_t",
"type_transition holly_t bear_t : dir oak_t",
NULL
}
Definition at line 344 of file rules-tests.c. Referenced by rules_terules_tests(). |
Initial value: {
"type_transition potato_t pine_t : fd log_t",
"type_change file_t bear_t : passwd daikon_t",
"type_member log_t file_t : node rock_t",
"type_change log_t bear_t : passwd daikon_t",
NULL
}
Definition at line 350 of file rules-tests.c. Referenced by rules_terules_tests(). |
Initial value: {
"type_transition hippo_t log_t : file system_t",
"type_transition bear_t pipe_t : chr_file birch_t",
"type_transition hippo_t stone_t : netif potato_t",
"type_change glass_t hippo_t : socket bass_t",
"type_change hippo_t pipe_t : gc log_t",
"type_change file_t hippo_t : passwd daikon_t",
"type_change log_t hippo_t : passwd daikon_t",
"type_change pipe_t hippo_t : passwd daikon_t",
"type_change pipe_t lion_t : passwd daikon_t",
"type_change pipe_t tiger_t : passwd daikon_t",
"type_member hippo_t birch_t : chr_file file_t",
"type_member hippo_t daikon_t : chr_file file_t",
"type_member hippo_t holly_t : chr_file file_t",
"type_member hippo_t oak_t : chr_file file_t",
"type_member hippo_t pine_t : chr_file file_t",
"type_member hippo_t potato_t : chr_file file_t",
NULL
}
Definition at line 358 of file rules-tests.c. Referenced by build_terule_vecs(). |
Definition at line 383 of file rules-tests.c. Referenced by build_terule_vecs(). |
Initial value: {
"type_transition lion_t tiger_t : file +bear_t -koala_t",
NULL
}
Definition at line 428 of file rules-tests.c. Referenced by rules_terules_tests(). |